UN Fights Back but Not Immune to Cyberattacks

UNITED NATIONS (IDN) – When in United Nations headquarters, be careful what you say over your phone or communicate in your e-mails. The chances are you are being listened to, read or watched without your consent. More so if you are a diplomat, but you can also be a person of interest if you are a journalist.

Several UN colleagues, including two presidents of the United Nations Correspondents Association (UNCA) have complained about their e-mails being hacked.

Valeria Robecco, newly-elected president of UNCA at the UN headquarters in New York, sent an e-mail to 15 members of the association’s Board of Directors advising them that her e-mail had been hacked. The same had happened to her predecessor Sherwin Bryce-Pease.

“We all need to be more sensitive and aware of these issues,” one UN journalist told WebPublicaPress.

When asked what the United Nations does to protect its data and websites from hackers, deputy spokesperson for the Secretary-General Farhan Haq told WebPublicaPress in New York that the United Nations “takes all appropriate measures to ensure the security of our internet and other communications.”

New era and responsibilities

Asked to be more specific and give an example of how United Nations had defended itself in the case of previous attacks, Haq did not acknowledge any. “I cannot confirm for you the details of previous incidents of cyberattacks but can inform you that when we have believed our communications to be insecure, we have taken up the issue with the relevant States.”

A UN spokesperson told WebPublicaPress: “We don’t provide details on these incidents given the cybersecurity implications.”

Talking to WebPublicaPress, veteran UN correspondent Thalif Deen said he can understand the “UN’s reluctance to reveal its security measures against hackers, but its defences may be a good try in a lost cause.”

He pointed out that with 193 diplomatic UN missions spread across New York City “and not forgetting the UN Secretariat,” there is obviously “a gold mine of information out there waiting to be extracted both from computers and from smartphones.”

“But no protective measures are foolproof — considering the fact that hackers have even penetrated the bowels of the Pentagon and the Central Intelligence Agency (CIA)”, said Deen.

Not without ironic humour, Deen said that when cybercriminals attacked government offices in a West European country in 2018, “at least one ministry went back to the stone age.” But, he said, it is difficult to suggest that people “abandon computers in favour of typewriters ... it’s not a practical solution in a fast-moving world of technological innovation.”

“The bottom line: we may have to learn to live with hackers and cybercriminals because nothing is sacred in this world anymore,” concluded Deen.

Is the United Nations ready for the new age?

Talking at the high panel event of the UN Alliance of Civilisations in November 2018 in New York, former president of Slovenia and one-time candidate for UN Secretary General (2016), Danilo Turk said that the United Nations is not ready for the new age of high technology and artificial intelligence, “and we don’t know who will be able to control the message and the actual narrative,” Turk said.

Nobody from the UN officials presented at the panel was able to oppose him or to offer a more optimistic vision.

At the same time, institutional memory must be respected in order to respect the code of contact at the United Nations.

The United Nations claims that acts of espionage on it are illegal under a number of treaties, including the 1946 Convention on the Privileges and Immunities of the United Nations, the 1947 agreement between the United Nations and the United States, and the 1961 Vienna Convention on diplomatic relations.

On a daily basis, business at the East River (UN headquarters) proceeds as usual. Out there, it sometimes looks like a cyber jungle, and neither the United Nations nor its agencies can regulate it.

It has not always been like that, because there were not so many participants and not so many sophisticated culprits.

Samir Sanbar, a former Assistant Secretary-General and one-time head of the Department of Public Information, told WebPublicaPress that when the United Nations launched its first website (www.un.org) in 1993, there had been no noted cyberattacks for at least a decade.

Sanbar said that, “recent vulnerability, including the Secretary-General’s office, may be due to updated capacity to infiltrate, coupled with more exposure by the Secretary-General to digital communications.”

Sanbar, who wrote the book “Inside the United Nations: In A Leaderless World” in 2016, warns that officials whose data is not protected enough at meetings and during their stay in cities to which they travel because of their work are too open for attackers. He cites an example when after one World Economic Summit in Davos, Switzerland, more than several UN officials became victims of hacking with their credit card numbers stolen and later used by thieves.

Sanbar claims that “the collapse of the system” in the United Nations began when many civil servants were replaced by those who work only under contract, and whose loyalty is not owed to the United Nations, but rather to the governments that employ them in the world organisation.

For Sanbar it is a question of confidence, the absence of standards on how to deal and protect sensitive information because there is a lack of loyalty of many who now work at the United Nations.

“The international civil service inspired by [second UN] Secretary-General Dag Hammarskjold maintained credible performance until it was eroded and undercut by governmental appointments in senior positions,” Sanbar told WebPublicaPress.

He points out this should be also considered when talking on current Secretary-General António Guterres’ participation “in technical website meetings – more recently in Portugal, Geneva and elsewhere, making his contact details vulnerable to determined infiltrators.”

In September 2018, London-based The Economist reminded us of one of Donald Trump’s messages on Twitter that confuse, rather than clarify. The U.S. president expressed his gratitude to North Korean dictator Kim Jong Un just a few hours before the U.S. Justice Department published a 174-page criminal complaint against Park Jin Hyok, a hacker affiliated with North Korea’s military intelligence.

International law and who pays the price

According to the FBI, the damage caused by North Korea’s operations (working much also from Chinese soil), “is virtually unparalleled”, as The Economist put it. It wiped almost half of Sony’s data in 2014 to prevent the studio releasing the “The Interview”, a film on how North Korea forwarded its depiction of an assassination plot against Kim Jong Un.

The second attack by same North Korean source in 2016 stole 81 million dollars from the central bank of Bangladesh, and it was the largest digital bank robbery ever. The third attack, known as “WannaCry 2.0”, was ransomware against hundreds of thousands of computers in 150 countries.

Not to forget Russian hackers who have been blamed for the hacking of the Democratic National Committee (DNC) in the election year of 2016.

As a consequence, there is an ongoing cyber-vendetta in the air.

“America’s increasingly litigious response to cyberattacks throws up another concern: will its own legion of government hackers face retribution in kind,” stated The Economist.

In the meantime, we all pay the price. Recently our own WebPublicaPress site was hacked and we temporarily lost the ability to access ranking and Internet trafficking data. Those attacks ruin confidence with the readers and leave an imperfect business image to any potential client.

Thus large organisations like the United Nations have to show more transparency and constantly point to better standards of protection in the world of technology that not only serves us but also ulcers us like corrosion from inside and outside, no matter what.

It is a simple must for developing norms of state behaviour in the cyberspace arena. But China, for example, has never liked the idea that international law applies to cyberspace. In that sense Chinese officials have many times made the UN Charter and the “importance of sovereignty” the priority without the rest of international law. According to published media reports in 2015, while meeting the UN group, China’s representative proposed “taking out all references to international law in the upcoming report.”

Yet, those familiar with the issues are firm in their assuredness: it is a question of International Law. [IDN-InDepthNews – 15 February 2019]